CVE-2025-44824

Nagios Log Server before 2024R1.3.2 allows authenticated users with read-only API access to stop the Elasticsearch service via a /nagioslogserver/index.php/api/system/stop?subsystem=elasticsearch call. The service stops even though "message": "Could not stop elasticsearch" is in the API response...

EUVD-2016-6784

Malware in sbrugna...

EUVD-2025-26323

Malicious code in bioql PyPI...

Mitsubishi Electric MELSEC iQ-F Series CPU Module

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker the ability to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product by using the obtained credential information. In addition, the...

CVE-2025-38278 octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: QOS: Refactor TCHTBLEAFDELLAST callback This patch addresses below issues, 1. Active traffic on the leaf node must be stopped before its send queue is reassigned to the parent. This patch resolves the issue by marki...

Pepperl+Fuchs Multiple Products Access Control Error Vulnerability

Pepperl+Fuchs OIT Series is a series of high temperature identification systems from Pepperl+Fuchs, Germany. An access control error vulnerability exists in various Pepperl+Fuchs products, which can be exploited by an unauthenticated, remote attacker to manipulate the device, stop processes, read...

Design/Logic Flaw

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make th...

Upgraded Q -> M from #258 [1674661917738]

Judge has assessed an item in Issue 258 as M risk. The relevant finding follows: L-03 Use of deprecated functions Impact The contract uses deprecated function latestAnswer. Such functions might suddenly stop working if no longer supported. Impact: Deprecated API stops working. Prices cannot be...

CVE-2022-30243

Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the...

Cosmos-SDK 代码问题漏洞

Cosmos-SDK is a framework for building blockchain applications in Golang. Cosmos-SDK suffers from a code issue vulnerability that stems from non-deterministic behavior of the ValidateBasic method in the x/authz module in the software, and affected versions of the SDK are prone to consensus stoppi...

Spoofing

In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped...

CVE-2021-20999 WEIDMUELLER: Accidentally open network port in u-controls and IoT-Gateways

In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped...

CVE-2020-5656

Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before,...

CVE-2020-3421

Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the...

Vulnerabilities fixed in McAfee Endpoint Security

McAfee has fixed vulnerabilities in End Point Security. A local malicious party could exploit the vulnerabilities to gain access gain access to sensitive data, or by obtaining elevated permissions to stop the anti-virus process and thereby deploy undetected implement malware. McAfee has released...

CVE-2020-3216

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for...

CVE-2017-18859

Certain NETGEAR devices are affected by slowdown/stoppage. This affects C6300 before 2017-05-30, CM400 before 2017-05-30, CM700 before 2017-05-30, and CMD31T before 2017-05-30...

Code injection

Certain NETGEAR devices are affected by slowdown/stoppage. This affects C6300 before 2017-05-30, CM400 before 2017-05-30, CM700 before 2017-05-30, and CMD31T before 2017-05-30...

CVE-2017-18859

CVE-2017-18859 affects NETGEAR cable modems/gateways (C6300, CM400, CM700, CMD31T) with slowdown/stoppage of network access reported prior to 2017-05-30. The available data from the CVE entry notes the affected models and a timeline but does not provide root-cause details, exploit descriptions, o...

CVE-2017-18859

Certain NETGEAR devices are affected by slowdown/stoppage. This affects C6300 before 2017-05-30, CM400 before 2017-05-30, CM700 before 2017-05-30, and CMD31T before 2017-05-30...